Is Your Mobile Device Safe From Malware Threats?

Further to this,

“There were 1 million mobile malware installation packages in Q2, which is 7 times greater than in Q1.”

The most prevalent type of threat remains mobile banking malware. For example, Kaspersky found that the Q1 Trojan-SMS.AndroidOS.OpFake.cc was capable of attacking 29 banking and financial apps. In Q2 2015, the later version of the same malware was capable of attacking 114 finance-related applications. The main goal of the malware was to steal the victim’s login details in order to attack other apps, for the most part email.

Mobile Malware on the Rise

Mobile malware, then, is on the rise. This is no surprise to security experts, as cybercriminals have long since realised that mobile represents the next big earner for them. However, whilst the rate of malware infection on Android devices has become equal to that on Windows, the exploit kits and other attack techniques found in PC attacks have not yet fully matured for mobile.

The first incidence of mobile malware was picked up in 2004. But it’s only been in more recent years that it’s become a very real threat to the mobile and tablet end user. The rise in the mobile and tablet market has of course contributed to this.

Sophos report that,

“The exponential growth in Android devices—and the buoyant and largely unregulated Android app market—produced a sharp rise in malware targeting that platform. […] Android malware has grown quickly in a short space of time and looks set to keep growing apace with our use of mobile devices.”

(Image source: Sophos Mobile Threat Report)

Apple Devices Are Affected

Whilst the majority of mobile malware affects Android devices, threats to iOS have also recently emerged, doing away with the popular notion that Apple devices are immune to infection. The recent XcodeGhost attack targeted iOS devices by tricking app developers into downloading an infected version of Xcode from Chinese servers.

Xcode is the basis for app development for the iOS platform and, whilst it’s free for developers to download and use, downloads can often take hours depending on where in the world the developer is located. This means that devs find other sources that allow them to download the software quicker, but unfortunately, on this occasion, the software had been accessed by malware authors and a Trojan added to the software package.

This meant that developers were unknowingly compiling apps that were infected. It’s thought that many popular apps were affected, but it’s been disputed just how many. Apple put the number at just 25, whilst Appthority claims that as many as 477 were affected.

Android Accounts for 99% of Mobile Malware

For the most part though, iOS remains far less attacked than Android and it’s thought that of the 0.68% of mobile devices that are infected with malware globally, 99% of these are running Android. According to Kevin McNamee, director of Motive Security Labs at Alcatel-Lucent, this is because of the open nature of the Android app ecosystem.

“Most importantly is the fact that there is less control – you can download the apps from third-party app stores and there is very little checking of the digital signature that you sign the app with,” McNamee said.

Jailbroken devices are also more likely to be affected by malware. Jailbreaking involves “running a privilege escalation attack on your own device, exploiting a vulnerability to gain root access.” This lifts inbuilt restrictions on the device and allows unapproved apps to be installed that have not been reviewed by the Apple App Store. On Android devices, which allow users to install apps from sources other than Google Play, jailbreaking the devices can lift restrictions from carriers and manufacturers, thus rendering the device less secure.

How Mobile Malware Affects Users

The first instances of mobile malware were designed to capture information used to log in to financial apps and websites using simple key-loggers. However, in more recent years malware has become increasingly sophisticated and serves up malicious websites, which in turn serve mobile versions of malware such as Zeus and SpyEye.

The malicious website is capable of identifying the platform on which the site is being accessed and will serve an Android package (APK file). This is designed to steal the mobile transaction authentication numbers (mTANs) which are associated with banking transactions. Zeus is capable of intercepting all incoming SMS and can then change the destination number of forwarded SMS such as those that you would receive from your bank.

Other types of malware, rather than retrieving credit card numbers or withdrawing funds from a bank, use premium rate SMS to steal cash. These often go undetected by users until they receive their next mobile bill.

More recently, we’ve seen an increasing threat from mobile ransomware. Similar to PC ransomware, the malware locks the screen on a device and sends a message to the user informing them that they will have to pay a fee to get the device unlocked. Like PC ransomware, it’s often the case that the fee is paid but the device remains locked.

(Image source: Sophos Mobile Security Threat Report)

There are 1000s of malware variants in the wild and it would be all but impossible to describe them all here, but the majority of mobile malware is designed to steal money and/or information.

How Can You Protect Yourself

For those organisations running a BYOD (Bring Your Own Device) scheme, it’s important that users understand the risks and that the business network is protected. This can be achieved through strong BYOD policies that don’t allow jailbroken phones to be used on the network, together with a list of approved apps and, for some businesses, even approved devices. To further protect devices, security and web filtering should be implemented to ensure that malware is picked up before it can do any damage or collect any information. Security software should also be installed onto the device itself.

From the perspective of personal users, the threat is just as great as it is to a business. Whilst many end users make the assumption that they are not worthy of the attentions of hackers and malware authors, this simply isn’t true. Cybercriminals for the most part tend to attack the weakest link – which tends to be those who don’t understand the risks.

All users, business and personal, should:

  • Use official app stores only for downloading apps
  • Check app permissions to ensure that an app doesn’t ask for more than it should, such as sending SMS and making calls
  • Security software should be installed from a reputable source
  • Web filtering and link checkers should be used in order to pick up malicious websites
  • Devices should not, ideally, be jailbroken
  • Users should implement a lock screen
  • All apps and operating system software should be updated as updates are released
  • Public, unsecured Wi-Fi hotspots should be avoided
  • Web apps should be blocked as malicious advertisements can be served through ads – these are often submitted through legitimate ad networks
  • Users should avoid clicking through on suspicious links in emails and should not download attachments unless they are sure of the source
  • Bluetooth and NFC should be disabled when not in use
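
The permission check in the list above can be automated for Android apps. The following is an added example, not part of the original article: it assumes the app's AndroidManifest.xml has already been decoded to text XML, and the sample manifest, the `audit_manifest` function and its `expected` parameter are constructed for illustration. It flags the SMS and call permissions behind the premium-rate and mTAN-interception behaviour described earlier, plus any receiver registered for incoming SMS.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Android permissions behind the behaviours the article describes.
RISKY = {
    "android.permission.SEND_SMS": "can send SMS, e.g. to premium-rate numbers",
    "android.permission.RECEIVE_SMS": "can see incoming SMS such as bank mTANs",
    "android.permission.READ_SMS": "can read stored SMS",
    "android.permission.CALL_PHONE": "can place calls without the dialer",
}

# Constructed sample: decoded manifest of a hypothetical torch app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".Inbox">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def audit_manifest(manifest_xml, expected=frozenset()):
    """Return (item, reason) findings; `expected` lists permissions the
    app legitimately needs (e.g. a messaging app) and should not be flagged."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {el.get(ANDROID + "name", "").strip()
                 for tag in ("uses-permission", "uses-permission-sdk-23")
                 for el in root.iter(tag)}
    flagged = (requested & RISKY.keys()) - set(expected)
    findings = [(perm, RISKY[perm]) for perm in sorted(flagged)]
    # A receiver for incoming SMS lets the app process messages itself;
    # a high priority asks to be delivered the SMS ahead of other apps.
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
            if SMS_RECEIVED in actions:
                prio = flt.get(ANDROID + "priority", "0")
                findings.append((receiver.get(ANDROID + "name"),
                                 f"SMS receiver, priority {prio}"))
    return findings
```

A torch app has no reason to send or receive SMS, so all three findings on the sample are worth questioning before installing or approving the app.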

It’s not always simple to understand which links should or should not be clicked when browsing. Using a web filter will allow malicious links to be picked up when browsing on a mobile device. It’s worth considering too that the majority of malware infection occurs through user intervention. In recent years, ‘social engineering’ tactics have been widely employed by cybercriminals in order to trick the user into clicking on a malicious link or downloading an infected attachment.

Social media has made this even simpler for cyber crooks. Not only is it now fairly simple to gather enough personal information about a user to send targeted attacks, known as spear phishing, but ‘clickbait’ headlines also often lead to malicious websites outside of the social media site the headline originated from. With this in mind, perhaps the only answer to this is to ensure that your security software is capable of scanning and blocking sites so as to ensure that it’s impossible to unknowingly land on an infected site.

Securing a device then is a mixture of the right software and plain common sense. Once a user understands the risks and the means by which malware comes into a device, they are much more capable of ensuring that they are protected.

Final Thoughts

Cybercrime is a huge market and is now thought to be worth more than the global drugs trade. In order to attempt to combat it, it’s necessary for consumers and businesses alike to ensure that they are educated on the dangers and how to protect themselves. In the modern, connected, digital world, all of us are at risk from the thefts associated with cybercrime and nobody is exempt – save for those that don’t have any form of computer device.

For businesses, breaches are becoming increasingly common, and often this is due to malware and hacks. This can lead to serious consequences, particularly if the business is subject to PCI DSS or HIPAA regulations. If a breach occurs and the company is found to have not put into place adequate protection, then it’s likely that it will be subject to massive fines. More worryingly, it’s thought that businesses that suffer a data loss will fail within six months and that 86% of consumers would avoid a brand that had suffered a breach.

Mobiles and tablets haven’t yet got to the point where they are replacing desktop PCs, but they have both been subject to a somewhat meteoric rise in recent years. This makes them increasingly attractive to cybercriminals, and as such, both businesses and consumers alike should be aware of the risks and how they can protect themselves.
